The agencies range from the Federal Aviation Administration to
the federal offices that provide disaster relief and administer
Medicare, the General Accounting Office found in a study obtained
by The Associated Press.

“How can this administration talk about protecting privacy when
its own agencies jeopardize some of the public’s most private
information?” asked Sen. Fred Thompson, R-Tenn., chairman of the
Senate Governmental Affairs Committee..

Thompson’s committee has jurisdiction over the 1974 Privacy Act
and other laws that dictate the government’s privacy practices.

At issue is the use by the 13 government Web sites of small text
files called “cookies” that record information about an Internet
user’s browsing habits when they visit a site.

All Federal Agencies Advised

In June, the White House Office of Management and Budget advised
all federal agencies that they are not allowed to use such text
files without approval from the agency head. If they are used, the
OMB directive said, Web site visitors must be given “clear and
conspicuous notice” of such use.

But the GAO, the investigatory arm of Congress, found that 13
agencies were using the technology to track visitors, although
their formal Internet policy claimed they weren’t doing so, and
none of the Web site visitors were advised the technology was being
used.

The study found all 13 tracked consumers’ path during their
visit to the site, and some were employing “persistent” text
files that could be read for years after the initial visit.

In addition, the U.S. Forest Service’s International Programs
site was found to be using so-called “third-party cookies” that
transmit the visitors’ activities to a private company which had
been hired to compile reports for the agency.

Such a practice is not mentioned in the Forest Service site’s
privacy policy.

Forest Service Unaware of Cookies

Forest Service spokesman Joe Walsh said he was unaware of the
use of the tracking technology until contacted for comment Friday.
“We’re looking into it,” Walsh said. “We take this very
seriously.”

The other agencies found to be using the “cookies” software
were the U.S. Customs Service, Bureau of Labor Statistics, Federal
Emergency Management Agency, Office of National Drug Control
Policy, Bureau of Land Management, Central Federal Lands Highway
Division, the Energy Department’s Ames Laboratory, National Park
Service, Office of Personnel Management, the U.S. Trade and
Development Agency and the Health Care Financing Administration,
which runs Medicare.

In June, the White House confirmed that its drug policy office
operated a Web site using the “cookies” technology. The discovery
prompted the directive from the White House budget office.

But the GAO concluded the drug office continues to use the
technology, despite having a privacy policy that prohibits its use.

The drug policy office did not return a call for comment.

Congress has begun to weigh in more heavily on the issue of
government privacy.

A provision sent to the president last week as part of the
Defense Department spending bill Congress approved directs the
government to develop policies to increase computer security at all
federal agencies.

In past months, the GAO has reported that several federal agency
networks, including those of the Department of Veterans Affairs and
the Environmental Protection Agency are easily prone to hacking.